Simple CTF

Srikar Sri
May 30, 2021

An nmap scan showed three open ports: 21, 80 and 2222.

Let's look at the web server on port 80 to see what information we can get from the site.

It only shows the default Apache page, which at least tells us the Apache version that is running.

Let's brute-force directories with gobuster.

It found a directory called simple.

Let's check the directory.

It is a CMS running version 2.2.8. Search for that version on Google, or use searchsploit on Kali.

We found an exploit based on SQL injection.

Running the exploit against the site gave us a username and password.

Using these credentials, let's log in over SSH on port 2222.

We got the user flag. For privilege escalation, sudo -l shows that vim can be run through sudo as root, so we look up vim on GTFOBins and find:

sudo vim -c ':!/bin/sh'

Because vim itself is running as root, the :! command spawns a shell with root privileges. That gives us a root shell and the root flag.
